There were error(s) loading the rules: /tmp/rules.debug:32: cannot define table pfB_Asia_v4: Cannot allocate memory
-
Hello
I just installed pfblocker on my pfsense build and I'm getting this specific error below. When I acknowledge it, it re-appears after a while.
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:32: cannot define table pfB_Asia_v4: Cannot allocate memory - The line in question reads [32]: table <pfB_Asia_v4> persist file "/var/db/aliastables/pfB_Asia_v4.txt"
@ 2020-10-27 11:03:50
It's similar to the one in the old (locked now) thread below:
https://forum.netgate.com/topic/129127/ruleerror-there-were-errors-loading-the-rules-tmp-rules-debug-18-cannot-alloc
As per instructions I tried to increase Maximum Table Entries to either 2.000.000 or 500k but the result is I'm losing internet connection after the forced reboot of pfsense.
My hardware is a PC Engines APU2C4 board.
I might as well leave it as is if that error does not affect Firewall functionality.
I apologize for raising an issue already discussed in here but as I said, the related thread is locked so I couldn't just follow up.
Any help will be greatly appreciated.
-
You can see what the consumed table size actually is if you run an update in pfBlocker and check the output logs there. Is it actually near the available space?
You can hit that error when you are in fact exhausting the available RAM and not the table space:
https://redmine.pfsense.org/issues/10310
What else do you have running there?
Steve
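
The check suggested in the reply above (is the consumed table size near the available space?) can be approximated by counting the entries in the alias table files. This is an added example, not part of the original thread and not pfBlocker's own code; the function names, the sample data and the pfB_Europe_v4 table name are constructed for illustration, and one non-comment line is assumed to equal one table entry.

```shell
#!/bin/sh
# Added example: count entries in alias table files and compare with a limit.

# count_entries FILE: print the number of non-empty, non-comment lines.
count_entries() {
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true   # grep exits 1 on a zero count
}

# total_entries DIR: print the sum of entries over DIR/*.txt.
total_entries() {
    total=0
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue                   # skip an unmatched glob
        total=$((total + $(count_entries "$f")))
    done
    echo "$total"
}

# report DIR LIMIT: list tables, largest first; return 1 if the total exceeds LIMIT.
report() {
    dir=$1
    limit=$2
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue
        printf '%8d  %s\n' "$(count_entries "$f")" "$(basename "$f" .txt)"
    done | sort -rn
    sum=$(total_entries "$dir")
    printf 'total %d of limit %d\n' "$sum" "$limit"
    [ "$sum" -le "$limit" ]
}

# Constructed sample data so the script runs anywhere. On the firewall, point
# report at /var/db/aliastables (the path in the error above) and pass the
# configured Maximum Table Entries value as the limit.
demo=$(mktemp -d)
printf '# constructed\n192.0.2.0/24\n198.51.100.0/24\n\n' > "$demo/pfB_Asia_v4.txt"
printf '203.0.113.0/24\n' > "$demo/pfB_Europe_v4.txt"
report "$demo" 2 || echo "over the limit: use fewer lists or raise the limit"
```

The limit pf is currently running with appears in the table-entries row of `pfctl -sm`. A total well under that limit while the error persists points to RAM exhaustion rather than table space, as the reply notes.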
-
Hi Steve.
I'm not running many things, to be honest.
1 WAN, 1 LAN a PIA client, and an OpenVPN server.
Also, a Dynamic DNS service if that one counts.
The board has 4GB of RAM.
The problem is that I cannot replicate the problem now as my internet had gone down and couldn't recover even after a reboot. I panicked and ended up restoring the box to a previous state (pre-pfBlocker installation).
Is there a way to prevent this memory saturation? Will there be any benefit if I disable pfblocker logging altogether?
Is that doable?
Currently, my setup without pfblocker installed runs sub-10% both in CPU and RAM utilization.
-
I doubt logging would make any difference. Just using fewer or smaller lists is the first thing I would try.
Steve
-
Thanks, Steve.
I suppose you're referring to lists of IPs, domains that are being monitored and eventually blocked by pfblocker?
Truth is I included almost everything available....
Do you have any suggestions so that I at least include the more important/most dangerous ones?
-
@gtj said in There were error(s) loading the rules: /tmp/rules.debug:32: cannot define table pfB_Asia_v4: Cannot allocate memory:
Truth is I included almost everything available....
Ah, well yes that might do it!
Especially if you are running the dev package that has a lot of feeds by default.
Start small and add more if you need them is my recommendation.
I use only the easylist ad servers lists and that blocks almost everything. That's all I need.
Steve
-
Yes, I'm running the dev package as I've read it's better overall maintained.
That's the info I wanted Steve. Thank you so much once again. I really appreciate all your help! :)